Defender had already implemented Two-Factor Authentication (2FA) in WordPress for hardened security… now we’ve added Biometrics, too!
It has become increasingly apparent that relying strictly on usernames and passwords for logins no longer offers the highest levels of security.
WPMU DEV’s solution to addressing this is through the use of the WebAuthn standard, which bypasses vulnerabilities by providing a protocol of public key cryptography as a login authentication method.
Our newest Defender release—both Free and Pro versions—marks the start of our odyssey into the world of biometric authentication; providing the ability to verify the authenticity of a user login by way of a device fingerprint reader or facial recognition software.
The use of this new biometric authentication is similar to the existing 2FA methods already present in Defender, and can be used together with the existing TOTP (Time-based One-Time Password), backup codes, and fallback email authentication methods.
In this article, we’re going to look at how to implement the Biometric Authentication feature, as part of our 2FA WordPress plugin features in Defender.
Continue reading, or jump ahead using these links:
Let’s explore all that Defender has to offer in the form of login protection with the cool new 2FA Biometric feature.
The All-Encompassing Defender
Defender gives you the best in WordPress plugin security, stopping SQL injections, cross-site scripting XSS, brute force login attacks—and other vulnerabilities—with a list of one-click hardening techniques that will instantly add layers of protection to your site.
It also makes safety easier on and for you, taking advantage of the latest in biometric security measures.
By way of a quick overview, here’s how this works in Defender… the user will input their username & password to log in, and if biometric authentication has been configured for that device, said user can verify their identity through their fingerprint scanner or facial recognition software.
Because we’re using the WebAuthn protocol, Defender does not at any point receive any biometric data, only a confirmation or rejection from the user’s device.
I want to interject here with a quick point of interest, shared by one of our techs, Marcel Oudejans (and paraphrased by me)…
The convention of naming a dog “Fido” was popularized by Abraham Lincoln, though its use as a canine pet name dates back to the ancient Romans.
“Fido” means “faithful”. FIDO stands for “Fast IDentity Online”. The new Biometric authentication feature uses WebAuthn protocol from FIDO.
So in a lovely, roundabout way, by using the FIDO protocol to implement this feature, one could say we are infusing ‘faithfulness’ into Defender.
This article was written by Janette Burhans and originally published on WPMU DEV Blog.